File ownership is a key part of how Linux provides a secure way to maintain files in a file system. Every file in Linux has the following attributes:
* Owner permissions
* Group permissions
* Other (World) permissions
The owner’s permission is granted to the current owner of a file or directory.
The group’s permission is granted to the set of users who are members of the group that the file belongs to, and determines what they can do with the file. The other’s permission is granted to all other users.
The actions that can be performed on a file are as follows:
* Read
* Write
* Execute
A user with read permissions can view the contents of a file.
A user with write permissions can edit the contents of the file.
A user with execute permissions can run a file as a program.
The permissions of a file can be displayed using the ls -l command.
Example:
ram@vue$ ls -l /home/ram/.profile
-rw-r--r-- 1 ram users 255 Oct 12 16:45 /home/ram/.profile
The first character, -, indicates that it is a regular file. The next three characters indicate the permissions for the owner of the file, the three after that indicate the permissions for the group the file is associated with, and the last three characters indicate the permissions for all other users. For the above file, the owner is ram and the group is users. The user ram has read and write permissions, whereas members of the group users and all other users have only read permissions.
Changing Permissions:
The owner of a file or directory uses the chmod command to change its permissions.
Syntax: chmod [expression] files.
The expression can be of the following types:
* Octal
* Symbolic
Octal Method
This method is also known as the absolute method since it changes all of the permission settings. This method uses an octal expression to change permissions.
Example:
[ram@vue] ~$ ls -l test.c
-rwxr-x--- 1 ram prog 656 May 23 23:25 test.c
[ram@vue] ~$ chmod 0777 test.c
[ram@vue] ~$ ls -l test.c
-rwxrwxrwx 1 ram prog 656 May 23 23:25 test.c
The first argument of chmod (0777) is called the mode; it sets the permissions to -rwxrwxrwx, granting read, write and execute to the owner, the group and all other users.
Permission | Numeric Value |
---|---|
- | 0 |
r | 4 |
w | 2 |
x | 1 |
For each of the three sets, the numbers corresponding to the permissions are added.
rwx = 4 + 2 + 1 = 7
rwx = 4 + 2 + 1 = 7
rwx = 4 + 2 + 1 = 7
This gives the mode argument of 777 (the leading 0 is optional).
Symbolic Method
This method is also known as the relative method, since it uses letters to alter only the permissions that are selected, while the other permissions are left unaltered.
Syntax: chmod [who] [action] [permissions] filename
Who:
Letter | Meaning |
---|---|
u | user (owner) |
g | group |
o | other |
a | all |
Action:
Symbol | Meaning |
---|---|
+ | Adding permissions to the file |
- | Removing permissions from the file |
= | Explicitly set the file permissions |
Permissions:
Letter | Meaning |
---|---|
r | read |
w | write |
x | execute |
s | SUID or SGID |
Example:
[ram@vue] ~$ ls -l test.c
-rwxr-x--- 1 ram prog 645 May 15 21:30 test.c
[ram@vue] ~$ chmod o+x test.c
[ram@vue] ~$ ls -l test.c
-rwxr-x--x 1 ram prog 645 May 15 21:30 test.c
Here, o+x adds execute permissions to others, leaving the rest unchanged.
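The octal and symbolic methods above can be checked against each other with a short script. This is an added example, not part of the original page: it converts the nine permission characters printed by ls -l into the octal mode using the r=4, w=2, x=1 table, and lists files that a mode such as 0777 leaves writable by all other users. The function names and the scratch file are assumptions made for the illustration.

```sh
#!/bin/sh
# Added example (not from the original page): derive the octal mode from the
# nine permission characters of ls -l using the table r=4, w=2, x=1.

perm_to_octal() {                    # perm_to_octal rwxr-x---  prints 750
    perms=$1
    [ "${#perms}" -eq 9 ] || { echo "need 9 characters" >&2; return 1; }
    mode=""
    while [ -n "$perms" ]; do
        rest=${perms#???}            # everything after the first triplet
        triplet=${perms%"$rest"}     # owner, then group, then other
        perms=$rest
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        # a lowercase s (SUID/SGID) or t (sticky) in the last slot also implies x
        case $triplet in ??[xst]) digit=$((digit + 1)) ;; esac
        mode="$mode$digit"
    done
    echo "$mode"
}

file_mode() {                        # octal mode of an existing file
    # ls -ld prints the file type first, then the nine permission characters
    perm_to_octal "$(ls -ld -- "$1" | cut -c2-10)"
}

world_writable() {                   # regular files that "other" may write to
    find "$1" -type f -perm -0002
}

demo() {                             # constructed scratch file, removed afterwards
    dir=$(mktemp -d) || return 1
    f=$dir/test.c
    : > "$f"
    chmod 750 "$f";  before=$(file_mode "$f")    # octal (absolute) method
    chmod o+x "$f";  after=$(file_mode "$f")     # symbolic (relative) method
    chmod 0777 "$f"; open=$(file_mode "$f")
    flagged=$(world_writable "$dir")
    rm -rf "$dir"
    echo "$before $after $open ${flagged##*/}"
}

demo
```

The three modes printed by demo correspond to -rwxr-x---, -rwxr-x--x and -rwxrwxrwx from the examples above, and only the 0777 step makes the file appear in the world_writable listing.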
Changing Owners and Groups:
There are two commands available to change the owner and the group of files.
These are:
* chown
* chgrp
The “chown” command stands for change owner and is used to change the owner of a file. The “chgrp” command stands for change group and is used to change the group of a file. Note that only the user himself or the system administrator can change an individual’s permissions.
Example:
[shyam@vue] ~$ chown ram file1 file2
Here, shyam is the owner of file1 and file2, and the ownership is changed to ram. There can be as many files as required, separated by spaces. But since the files are still in shyam’s directory, ram may not be able to do much with his new possession.
A similar command chgrp allows the user to change the group id of a file.
Example:
$ chgrp systems file1 file2
Here, the group of the two files is changed to systems. Provided that the directory permissions allow it, members of the systems group acquire new access rights on these two files.